package org.shoukaiseki.common.utils;

import org.shoukaiseki.common.exception.MessageVirtualException;

import java.util.regex.Pattern;

/**
 *
 **/
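/**
 * Guards identifiers (table or column names, ORDER BY fragments) that are
 * spliced into MyBatis statements with {@code ${...}}, where no parameter
 * binding happens and the text reaches the SQL verbatim.
 * <p>
 * Validation is allow-list only: a value is accepted when it is a
 * comma-separated list of items, each a plain or dotted identifier
 * ({@code id}, {@code t.id}) optionally followed by one {@code ASC} /
 * {@code DESC} keyword. Nothing is escaped or rewritten; a rejected value
 * must not reach the statement. The bare character-class check in
 * {@link #SQL_PATTERN} is not sufficient on its own, because it admits
 * spaces and digits and therefore fragments such as {@code 1 OR 1} or
 * {@code id DESC LIMIT 1}; the structural per-item check below closes that.
 * Values such as {@code col alias} (two bare words) are rejected by the
 * structural check; callers needing aliases should validate the parts
 * separately.
 */
public class MybatisUtils {

    /**
     * Coarse character allow-list: letters, digits, underscore, space, comma,
     * dot. Kept public and unchanged for existing callers; on its own it does
     * not prevent keyword injection — see {@link #isValidTableOrColumnSql}.
     */
    public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";

    /** Compiled once; {@link String#matches} would recompile on every call. */
    private static final Pattern SQL_PATTERN_COMPILED = Pattern.compile(SQL_PATTERN);

    /**
     * One comma-separated item: an identifier, optional dotted qualifiers,
     * optional sort direction separated by spaces. {@code \w} is ASCII-only
     * here (no UNICODE_CHARACTER_CLASS), i.e. the same character set as
     * {@link #SQL_PATTERN}.
     */
    private static final Pattern ITEM_PATTERN =
            Pattern.compile("\\w+(?:\\.\\w+)*(?: +(?i:asc|desc))?");

    /**
     * Validates {@code value} for use as a table/column fragment and returns it
     * unchanged. Despite the name this method does not escape anything: an
     * invalid value is rejected with an exception, never transformed.
     *
     * @param value the fragment about to be interpolated; {@code null} and the
     *              empty string are returned without checking (existing
     *              contract — the caller decides what an absent value means)
     * @return {@code value}, unchanged
     * @throws MessageVirtualException if {@code value} is non-empty and fails
     *                                 {@link #isValidTableOrColumnSql}
     */
    public static String escapeTableOrColumnSql(String value) {
        if (StringUtils.isNotEmpty(value) && !isValidTableOrColumnSql(value)) {
            throw new MessageVirtualException("参数不符合规范，不能进行查询");
        }
        return value;
    }

    /**
     * Checks whether {@code value} is a safe identifier list.
     *
     * @param value the candidate fragment
     * @return {@code true} for {@code null} (kept from the original contract:
     *         nothing to check), {@code false} for the empty string, and
     *         otherwise {@code true} only if every comma-separated item matches
     *         {@code identifier[.identifier...] [ASC|DESC]}
     */
    public static boolean isValidTableOrColumnSql(String value) {
        if (value == null) {
            return true;
        }
        // Cheap pre-filter on the raw character set (also rejects the empty string
        // and tabs, so the trim() below only ever strips plain spaces).
        if (!SQL_PATTERN_COMPILED.matcher(value).matches()) {
            return false;
        }
        // Structural check: limit -1 keeps empty items, so "a,,b" and a
        // trailing comma are rejected instead of silently dropped.
        for (String item : value.split(",", -1)) {
            if (!ITEM_PATTERN.matcher(item.trim()).matches()) {
                return false;
            }
        }
        return true;
    }

}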
